How HackerRank streamlined security due diligence and regained 20% of engineering time
HackerRank is the de facto choice for finding and recruiting technical talent. Companies across the world, including large-scale enterprises like Adobe, Atlassian, and Zynga, rely on HackerRank’s platform to run full-stack skill assessments when hiring developers.
SOC2 Type 1
USA
20%
Decrease in bandwidth spent on compliance tasks
Ready to get started?
Challenge
Because it works with large companies and major institutions like banks, security due diligence is a standard event at HackerRank. And requests for filling out security questionnaires are a common ask. But the process of completing them is long drawn out, time-consuming, and eats into their engineering teams’ bandwidth.
HackerRank needed a solution that could sufficiently offload this process from their engineering team. Because a SOC2 report, by design, spells out the security posture and proves enterprise readiness, it would make the process of filling security questionnaires faster, and in some cases redundant.
“There were times where a customer would outright say that we could either send them a SOC2 report or fill out an Excel sheet with security questions,” remarks Harishankaran K, Co-founder and CTO at HackerRank. “It became evidently clear that a SOC2 report would cut down the time we spent dishing out details of the health of our infrastructure and provide indivisible proof of readiness.”
HackerRank sought out a partner who could help them get SOC2 compliant and generate a Type 1 report without bearing down on their engineering team.
Anytime I use engineers for answering security questions, I take the time they could be using to build the actual product or make features better for our customers. I wanted to see how I could manage compliance with the least amount of engineering time taken away from product development.
Solution
HackerRank chose Sprinto to organize and orchestrate a SOC2 compliance program without trading off its teams’ priorities.
Sprinto’s platform was integrated with HackerRanks’ systems and infrastructure to run automated checks on key SOC2 controls mapped to three major Trust Service Criteria (TSC). As a part of the program, security training modules were made available to 300+ employees directly from the platform, their adherence mapped and measured inside a central dashboard.
“We didn’t know a lot about SOC2 but it was easy to follow Sprinto’s guided implementation plan,” remarks Harishankaran. “A bi-weekly call of 30 minutes is all I ended up spending on my part. A dedicated CSM guided us through the implementation process and then the platform did the rest.”
It’s like having a member in your team who project manages the whole process.
Results
HackerRank reached compliance readiness in a matter of weeks and received its SOC2 Type 1 report shortly after. A summary of this report was later produced and made available to the sales team. “Our GTM team was very happy,” remembers Harishankaran. This SOC2 report has also been added to the HackerRank platform for its customers to download and refer to.
In addition to maintaining security compliance, Sprinto also acts as an observability agent for HackerRank. Because Sprinto’s platform monitors systems continuously, it is able to detect new vulnerabilities in HackerRanks’ critical infra like GitHub, alert admins to the event, and prompt remediation to sustain compliance. “That kind of push and visibility is incredibly helpful,” he exclaims.
Besides the ensuing agility, Harishankaran has also observed an improvement in his degree of awareness of HackerRanks’ security posture since using Sprinto. “As we grow and evolve, keeping up with the maturity becomes important,” he notes. “We are now able to manage security from one place. But over and above this, Sprinto helps us ensure trust in the systems we have in place.”
While the onus is still on the teams and employees to complete their tasks, since using Sprinto, our engineering teams are spending as much as 20% less time looking for problems. The platform automatically alerts us when something needs to be done, where we need to look, and what will take us to the 100% compliance mark.